FAQs

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Who is Heeler built for?

Heeler is built for security leaders — CISOs, AppSec, ProdSec, and DevSecOps — at companies where developers and AI coding agents work side by side. The platform brings security guidance into the moment of code generation, so AI-assisted development doesn't outpace what review can catch.

What does "Agentic Development Security" mean?

Agentic Development Security is the category Heeler defines: a security platform purpose-built for software development where developers and AI coding agents share authorship. It operates across three continuous layers — Prevent (stop risk from entering the codebase), Fix (deterministic agentic remediation that ships validated PRs), and Audit (continuous re-evaluation across SCA, SAST, Secrets, and Agent Skills).

What is the Context Engine?

The Context Engine is Heeler's foundation: six interconnected layers — Code, Cloud, Business, Ownership, Threat, and Agent — automatically built and maintained from your existing tools. Every security decision Heeler makes (block, fix, audit) draws from this context so what's risky for your organization differs intelligently from what's risky in the abstract.

How does Heeler integrate with AI coding agents?

Heeler ships an MCP server and Agent Skills that AI coding agents (Claude Code, Cursor, GitHub Copilot, and others) read at the moment they generate code — so policy and security context arrive in the agent's reasoning instead of failing review later. A CLI lets developers and agents run the same checks locally before commit.

What does Heeler do at PR time?

Heeler runs Block / Warn / Observe guardrails on every PR. Block prevents merge on critical violations. Warn flags issues for reviewer attention without blocking. Observe captures data without changing behavior, so teams can roll out new guardrails risk-free before enforcing them.

What is deterministic agentic remediation?

Heeler doesn't guess at fixes the way an LLM would. It runs a deterministic workflow: upgrade the vulnerable dependency, validate the change in a sandbox, and iterate based on CI check feedback until everything passes — then open a merge-ready PR. The result is fixes you can trust at the volume AI-generated code creates.

What is Agent Skills security?

Agent Skills security is Heeler's coverage for the surfaces AI coding agents read but standard code review doesn't see — MCP tool descriptions, inherited CLAUDE.md files, fetched documentation, and dependency README files. Heeler continuously scans these artifacts for prompt injection, malicious instructions, and risky configurations, so an attacker can't redirect your agents through a hostile string buried in a downstream dependency.

What environments and tech stacks does Heeler support?

Heeler is built for cloud-first applications using the following technology stacks: AWS, GCP, Azure, and Kubernetes; GitHub, GitLab, Azure DevOps; and Python, Java, Kotlin, Golang, C#, JavaScript, TypeScript.

Is Heeler suitable for companies of all sizes?

Heeler is ideal for companies of all sizes that run applications in public cloud environments. It’s particularly suited for organizations looking to integrate security into their development process without compromising speed or flexibility.

What does pricing look like?

Pricing starts at $35 per contributing developer per month and decreases with volume — companies with 500+ developers see meaningful tier discounts. We provide an exact quote during the sales conversation once we understand your team size and use case.

How does Heeler count "contributing developers"?

A contributing developer is anyone whose commits land in repos Heeler is scanning. AI agents that commit on behalf of developers count under the human user account, not separately. The pricing unit scales with team size, not with how much code your agents generate.

Is Heeler SOC 2 certified?

Yes. Heeler is SOC 2 certified, and our complete compliance posture — controls, attestations, and security practices — is documented at our public Trust Center: trust.heeler.com.

No matching results found